Azure allows one to create the user and password during the creation of a virtual machine which can later be used for SSH into that VM.
How to create a user and password during run instance in AWS using Java SDK which can be used for SSH.
Currently I laucnh Vm as
runInstancesRequest
.withTagSpecifications(tagSpecification)
.withImageId(ec2Configuration.getImageId())
.withInstanceType(ec2Configuration.getInstanceType())
.withMinCount(ec2Configuration.getMincount())
.withMaxCount(ec2Configuration.getMaxcount())
.withKeyName(ec2Configuration.getKeyPairName())
.withSecurityGroupIds(Arrays.asList(ec2Configuration.getSgId()));
.withMonitoring(true);
RunInstancesResult result = amazonEC2Client.runInstances(
runInstancesRequest);
I want to add something like this
runInstancesRequest
.withTagSpecifications(tagSpecification)
.withImageId(ec2Configuration.getImageId())
.withInstanceType(ec2Configuration.getInstanceType())
.withMinCount(ec2Configuration.getMincount())
.withMaxCount(ec2Configuration.getMaxcount())
.withKeyName(ec2Configuration.getKeyPairName())
.withSecurityGroupIds(Arrays.asList(ec2Configuration.getSgId()));
.withMonitoring(true)
.withUserName("newUser")
.withPassword("d#mnHardPassw0rd");
RunInstancesResult result = amazonEC2Client.runInstances(
runInstancesRequest);
I know AWS has default usernames and passwords based on the AMI but I want to make my own custom username and password while launching the VM.
Edit
Also, How to SSH to a Windows a instance? Is the RDP only option? How can I connect via the key pair and SSH? How to get it's administrator password.
You can add it using UserData:
RunInstancesRequest.withUserData(String userData)
and the user data can be found in the URL below
https://aws.amazon.com/premiumsupport/knowledge-center/ec2-user-account-cloud-init-user-data/
Related
I launched a windows EC2 instance on AWS but I can't get the password for login. I keep getting this warning message even one day after launching the server.
Password not available yet.
Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password.
Note: Passwords are generated during the launch of Amazon Windows AMIs or custom AMIs that have been configured to enable this feature. Instances launched from a custom AMI without this feature enabled use the username and password of the AMI's parent instance.
And I also tried below command line:
$ aws --profile ie ec2 get-password-data --instance-id i-xxxxx --priv-launch-key my.pem --region ap-southeast-2
but it returns an empty password:
{
"InstanceId": "i-xxxx",
"PasswordData": "",
"Timestamp": "2019-08-05T23:12:04.000Z"
}
So how can I get the password for this EC2 instance?
I have tried to stop/start the instance but it doesn't help.
One possible reason is that the instance is launched from a customised AMI but I also don't know that AMI's password. Is there a way to reset the password?
It's possible that EC2Config is disabled. The empty string you are getting for console output caused by this. It could be an issue with the EC2Config service; either the misconfigured configuration file or that Windows failed to boot properly.
For recovery, I'd say try the password you used at the machine used to create the AMI and if it's not a custom made AMI, try a different one altogether. I'd be more helpful if you can share the AMI ID.
Additionally, if you are looking to recover data on an EBS volume of the server, you can follow this
My goal is to spin up an EC2 instance, make an AMI from that instance, use the custom AMI to spin up a new instance that uses password authentication instead of keys.
I changed /etc/ssh/sshd_config to have PasswordAuthentication yes before creating the AMI, but I still get "permission denied (publickey)" when trying to SSH to the new instance created from the custom AMI.
I followed these steps and they work on the first instance, but then I still get the error when logging into the instance created from the customn AMI.
AWS support fixed my problem, here is their answer:
Make changes to the following lines in /etc/cloud/cloud.cfg file on
the original instance launched in the above steps as follows:
Default
settings:
ssh_pwauth: 0
lock_passwd: true
Settings after modification:
ssh_pwauth: 1
lock_passwd: false
service sshd restart
REFERENCES
https://cloudinit.readthedocs.io/en/latest/topics/examples.html#including-users-and-groups
https://cloudinit.readthedocs.io/en/latest/topics/modules.html
I just started using gcloud, and I noticed when I create a VM or going into cloud console, my full name shows up in the console.
Is there a way to create another user with a more generic name? I don't like having my full name in all my VM's and consoles.
Do I just create another user as 'owner' or is there a best practices around this?
When you use gcloud compute ssh [INSTANCE_NAME], gcloud uses your current credentials to create an SSH keypair. The project ssh metadata is then updated with this username and SSH keypair. This is what you are seeing once you connect.
You can create a new SSH keypair with any username that you want. Then you can add this keypair to the instance metadata. Then you can login using that username. This also creates a new home directory in the instance.
For these examples, let's say that you want to create a new user 'development'.
STEP 1: Create a new SSH keypair
ssh-keygen -t rsa -f keypair -C development
This will create two files:
keypair - this is your RSA private key. You need this file to login via SSH to your instance using the new username.
keypair.pub - this is your SSH-RSA public key. The contents is imported to your instance. Display the contents of this file. Notice the username at the end.
STEP 2 (Google Cloud Console Method):
Login to the Google Cloud Console.
Go to "Compute Engine" -> "VM instances".
Click on the instance that you want to modify.
Click the "EDIT" button to modify the instance.
Scroll down to "SSH Keys". Click "Show and edit" under "You have 0 SSH keys".
Copy and paste the contents of "keypair.pub" into the box where "Enter entire key data" is displayed.
Scroll down to the bottom and click "Save".
STEP 3 - Connect to the instance using SSH:
Replace the IP_ADDRESS with the Compute Engine instances external IP address in the following command.
ssh -i keypair development#IP_ADDRESS
This is the correct method to support multiple users connecting to the same Compute Engine instance. Each user has their own keypair and their own username and home directory.
This is also the correct method to provide users with login access to an instance that do not have Google Cloud IAM permissions to the cloud account.
For advanced users, you can use the gcloud compute instances add-metadata command to add the SSH public key to the instance.
You can also add this SSH public key to the Project Metadata which will make this keypair available on all instances within a project.
I used Ansible to create a gce cluster following the guideline at: https://docs.ansible.com/ansible/latest/scenario_guides/guide_gce.html
And at the end of the GCE creations, I used the add_host Ansible module to register all instances in their corresponding groups. e.g. gce_master_ip
But then when I try to run the following tasks after the creation task, they would not work:
- name: Create redis on the master
hosts: gce_master_ip
connection: ssh
become: True
gather_facts: True
vars_files:
- gcp_vars/secrets/auth.yml
- gcp_vars/machines.yml
roles:
- { role: redis, tags: ["redis"] }
Within the auth.yml file I already provided the service account email, path to the json credential file and the project id. But apparently that's not enough. I got errors like below:
UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}
This a typical ssh username and credentials not permitted or not provided. In this case I would say I did not setup anything of the username and private key for the ssh connection that Ansible will use to do the connecting.
Is there anything I should do to make sure the corresponding credentials are provided to establish the connection?
During my search I think one question just briefly mentioned that you could use the gcloud compute ssh... command. But is there a way I could specify in Ansible to not using the classic ssh and use the gcloud one?
To have Ansible SSH into a GCE instance, you'll have to supply an SSH username and private key which corresponds to the the SSH configuration available on the instance.
So the question is: If you've just used the gcp_compute_instance Ansible module to create a fresh GCE instance, is there a convenient way to configure SSH on the instance without having to manually connect to the instance and do it yourself?
For this purpose, GCP provides a couple of ways to automate and manage key distribution for GCE instances.
For example, you could use the OS Login feature. To use OS Login with Ansible:
When creating the instance using Ansible, Enable OS Login on the target instance by setting the "enable-oslogin" metadata field to "TRUE" via the metadata parameter.
Make sure the Service Account attached to the instance that runs Ansible have both the roles/iam.serviceAccountUser and roles/compute.osLoginAdmin permissions.
Either generate a new or choose an existing SSH keypair that will be deployed to the target instance.
Upload the public key for use with OS Login: This can be done via gcloud compute os-login ssh-keys add --key-file [KEY_FILE_PATH] --ttl [EXPIRE_TIME] (where --ttl specifies how long you want this public key to be usable - for example, --ttl 1d will make it expire after 1 day)
Configure Ansible to use the Service Account's user name and the private key which corresponds to the public key uploaded via the gcloud command. For example by overriding the ansible_user and ansible_ssh_private_key_file inventory parameters, or by passing --private-key and --user parameters to ansible-playbook.
The service account username is the username value returned by the gcloud command above.
Also, if you want to automatically set the enable-oslogin metadata field to "TRUE" across all instances in your GCP project, you can simply add a project-wide metadata entry. This can be done in the Cloud Console under "Compute Engine > Metadata".
this is a newbie question. Please, bear with me.
I tried to create an instance using AWS SDK for JAVA by following the official tutorial. When It comes to the key pair part I get confused :
CreateKeyPairRequest createKeyPairRequest = new CreateKeyPairRequest();
createKeyPairRequest.withKeyName("azzouz_key");
CreateKeyPairResult createKeyPairResult = Client.createKeyPair(createKeyPairRequest);
KeyPair keyPair = new KeyPair();
keyPair = createKeyPairResult.getKeyPair();
String privateKey = keyPair.getKeyMaterial();
RunInstancesRequest runInstancesRequest = new RunInstancesRequest();
runInstancesRequest.withImageId("ami-4b814f22")
.withInstanceType("m1.small")
.withMinCount(1)
.withMaxCount(1)
.withKeyName("azzouz_key")
.withSecurityGroups("Azzouz_group");
By doing like this, how can I use aws cli to connect to the instance I created using the SDK, I mean how to locate the .pem file ( if it does exist ). Is my logic correct in term of creating ec2 instance using the code and manage it via aws cli, or it should all be in the same way?!
The PEM key is in the contents of your privateKey String variable. You need to write that out to a file, as this is the only time you will be able to get to it via the API.
To connect to the server, you don't use the AWS CLI. You would use the ssh command. I would read the answers to this question for more information about using SSH to connect to an EC2 server: how to login to ec2 machine?